Configure a Proxy Server

If RSA Authentication Manager is behind an external firewall that restricts outbound traffic, you must configure a proxy server before connecting to the Cloud Authentication Service or before you configure an embedded identity router.

Before you begin

You must be a Super Admin.

Procedure

  1. In the Security Console, click Setup > System Settings.

  2. Click RSA Cloud Authentication Service Configuration.

  3. Under RSA Cloud Authentication Service Firewall Proxy Configuration, click Enable Proxy Configuration.

  4. In the Proxy Host field, enter the hostname of the proxy server. For example, example.com. If you have an HTTP proxy server that does not require a certificate, you can enter either a hostname or an IP address.

  5. In the Proxy Port field, enter the port used by the proxy server.

  6. If the proxy server does not require credentials, leave these fields blank. Otherwise, enter the following:

    1. In the Proxy Username field, enter the unique username for the proxy server.
    2. In the Proxy Password field, enter the unique password for the proxy server.

  7. (HTTPS proxy server only) If you make changes to an HTTPS proxy server, a new Registration Code and Registration URL is required. You must connect to the Cloud Authentication Service again and accept a new certificate.

    This step does not apply to HTTP proxy servers.

    To connect again, do the following:

    1. Under Register RSA Authentication Manager with the RSA Cloud Authentication Service, copy and paste the Registration Code and the Registration URL from the Cloud Administration Console, or obtain this information from a Cloud Authentication Service Super Admin and manually enter it.
    2. Apply the changes to the HTTPS proxy server by clicking Connect to the RSA Cloud Authentication Service. Saving the changes on the page does not update the connection.
    3. You are prompted to trust a proxy server certificate. Verify the certificate with your help desk or network administrator, and click Yes.

      The trusted proxy server certificate cannot be deleted in Authentication Manager. You can replace the certificate by updating the proxy server connection or by connecting to a new proxy server, and then connecting to the Cloud Authentication Service again.

    4. Restart the proxy server.

    The proxy server information that you enter automatically updates the connection information for the Telemetry service that sends telemetry data to RSA.

  8. Click Save.